An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-02T15:18:49

Updated: 2024-08-03T21:47:33.133Z

Reserved: 2021-03-18T00:00:00

Link: CVE-2021-28677

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-02T16:15:08.827

Modified: 2024-11-21T06:00:06.653

Link: CVE-2021-28677

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-04-01T00:00:00Z

Links: CVE-2021-28677 - Bugzilla